Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-12818

Опубликовано: 13 нояб. 2025
Источник: debian
EPSS Низкий

Описание

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
postgresql-18fixed18.1-1package
postgresql-17unfixedpackage
postgresql-15removedpackage
postgresql-13removedpackage
postgresql-13postponedbullseyepackage

Примечания

  • https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=600086f471a3bb57ff4953accf1d3f8d2efe0201 (master)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7eb8fcad860e9a0548191dab7a87a5bead5f8e91 (REL_18_1)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f5999f01815969dfe8df33bac9c0f1aa38dd6cd5 (REL_17_7)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=91421565febbf99c1ea2341070878dc50ab0afef (REL_15_15)

  • Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d6f0c0d6d6d3f14177848e4a00df988fa2f0a09a (REL_13_23)

EPSS

Процентиль: 7%
0.0004
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-12818

CVSS3: 5.9
ubuntu
7 дней назад

[Avoid integer overflow in allocation-size calculations within libpq]

nvd логотип

CVE-2025-12818

CVSS3: 5.9
nvd
6 дней назад

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

msrc логотип

CVE-2025-12818

CVSS3: 5.9
msrc
5 дней назад

PostgreSQL libpq undersizes allocations, via integer wraparound

github логотип

GHSA-pr6x-gg24-6wfp

CVSS3: 5.9
github
6 дней назад

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

fstec логотип

BDU:2025-13962

CVSS3: 5.9
fstec
7 дней назад

Уязвимость библиотеки libpq системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 7%
0.0004
Низкий